locked
Outlook 2013 Connection Problems RRS feed

  • Question

  • Hello everyone and thanks for your help in advance. I have done a fresh install of an Exchange 2013 server. I would now like to connect Outlook 2013 to this server but am receiving either unable to connect to exchange server or unable to resolve name.  I am able to access the server through OWA. I am attempting to use a self-signed certificate (this is at lab stage so I don't need an enterprise CA just yet). I was able to view and install the certificate from OWA and it shows as a Trusted Root Certification Authority.  However, IE still shows a certificate error in the address bar.  I can access OWA using https://mail.mydomain.com and I use that as the settings for the Exchange 2013 proxy (the internal name of the machine is MAIL).  On one attempt, I was presented with the challenge box to enter credentials, but did not get a connection.  Any help would be appreciated.
    Monday, September 14, 2015 2:47 PM

Answers

All replies

  • It is the certificate that is the problem.

    If you are still getting trust errors in IE then you didn't install it correctly.

    Exchange 2013 is completely web services based and uses SSL heavily. The URLs configured in the server need to match the SSL certificate. Even in a lab I will use trusted SSL certificates - if internal or controlled use only a one year single name SSL certificate can be found pretty cheaply and saves a lot of headaches for a very small outlay.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Monday, September 14, 2015 4:03 PM
  • Hello

    its not enough information.

    check internal and external url from client. /try open from ie/
    Get-WebservicesVirtualDirectory |Fl internalURL,ExternalURL
    Get-OwaVirtualDirectory |Fl internalURL,ExternalURL
    Get-ecpVirtualDirectory  |Fl internalURL,ExternalURL
    Get-ActiveSyncVirtualDirectory |Fl internalURL,ExternalURL
    Get-OABVirtualDirectory |Fl internalURL,ExternalURL
    Get-ClientAccessServer  |Fl internalURL,ExternalURL
    Get-OutlookAnywhere |Fl *inter*,*exter*


    sorry my english

    Monday, September 14, 2015 4:05 PM
  • Thanks for the response.  I hear Simon loud and clear that I might be banging my head using a self-signed, but I'm trying to learn this new architecture.  More information on the server:


    InternalUrl : https://mail.domain.mydomain.com/EWS/Exchange.asmx
    ExternalUrl :

    [PS] C:\Windows\system32>Get-OwaVirtualDirectory |Fl internalURL,ExternalURL

    InternalUrl : https://mail.domain.mydomain.com/owa
    ExternalUrl :

    [PS] C:\Windows\system32>Get-ecpVirtualDirectory  |Fl internalURL,ExternalURL


    InternalUrl : https://mail.domain.mydomain.com/ecp
    ExternalUrl :

    [PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory |Fl internalURL,ExternalURL


    InternalUrl : https://mail.domain.mydomain.com/Microsoft-Server-ActiveSync
    ExternalUrl :


    [PS] C:\Windows\system32>Get-OABVirtualDirectory |Fl internalURL,ExternalURL


    InternalUrl : https://mail.domain.mydomain.com/OAB
    ExternalUrl :


    [PS] C:\Windows\system32>Get-ClientAccessServer  |Fl internalURL,ExternalURL


    [PS] C:\Windows\system32>Get-OutlookAnywhere |Fl *inter*,*exter*


    InternalHostname                   : mail.domain.mydomain.com
    InternalClientAuthenticationMethod : Ntlm
    InternalClientsRequireSsl          : False
    ExternalHostname                   :
    ExternalClientAuthenticationMethod : Negotiate
    ExternalClientsRequireSsl          : False

    Monday, September 14, 2015 6:55 PM
  • Self signed certificates are not supported for Outlook ANywhere. You need a proper cert with the correct names added to it.

    Either:

    • Buy a cert
    • Install windows CA onto one of your servers in that lab, and issue the cert from that CA.

    Cheers,

    Rhoderick

    Microsoft Senior Exchange PFE

    Blog: http://blogs.technet.com/rmilne  Twitter:   LinkedIn:   Facebook:   XING:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, September 14, 2015 7:05 PM
  • Or get one for free from sites like StartSSL/Comodo/etc :)
    Monday, September 14, 2015 7:24 PM
  • Hello

    if lab scenario only, create new self signed cert with all domain mail.domain.mydomain.com, mail.mydomain.com and from gpo install all client to trusted cert and need work.


    sorry my english

    Monday, September 14, 2015 7:35 PM
  • Or get one for free from sites like StartSSL/Comodo/etc :)

    As long as it is a trusted CA issued cert :)  Do you also need to install a non-production issuing root as part of those free certs?

    Cheers,

    Rhoderick

    Microsoft Senior Exchange PFE

    Blog: http://blogs.technet.com/rmilne  Twitter:   LinkedIn:   Facebook:   XING:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, September 14, 2015 7:45 PM
  • Hello

    if lab scenario only, create new self signed cert with all domain mail.domain.mydomain.com, mail.mydomain.com and from gpo install all client to trusted cert and need work.


    sorry my english


    No - see above please.

    Cheers,

    Rhoderick

    Microsoft Senior Exchange PFE

    Blog: http://blogs.technet.com/rmilne  Twitter:   LinkedIn:   Facebook:   XING:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, September 14, 2015 7:46 PM
  • Thanks to all for the response.  So basically, the cert being used by Exchange can definitely not be used.  Is this correct?  So I either need to:

    1.  Purchase a trusted SSL and install it on the Exchange Server in place of the one generated by Exchange (not sure how to do that but will start searching).

    2.  Or use Certificate Services, which had to have been installed on the Exchange box to generate the first cert.  Use that to generate another cert, apply it to the Exchange Server default site and install it on the client (will have to look for how to do that as well).

    Am I understanding correctly?  In other words, the default cert cannot be used under any circumstances?

    Thanks for the help.

    Monday, September 14, 2015 8:08 PM
  • Hi,

    This self-signed certificate is used to encrypt communications between the Client Access server and the Mailbox server. Outlook Anywhere won't work with a self-signed certificate on the Client Access server.

    More detailed information about certificate ,you can refer to the below link:

    https://technet.microsoft.com/en-us/library/dd351044%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

    In addiction,you can follow the below article to create a SSL certificate request:

    http://exchangeserverpro.com/create-ssl-certificate-request-exchange-2013/

    Regards,

    David 


    • Proposed as answer by David Wang_ Friday, September 18, 2015 7:23 AM
    • Marked as answer by David Wang_ Wednesday, September 23, 2015 8:25 AM
    Tuesday, September 15, 2015 2:00 AM